# A2

**Deadline:** Wednesday, 02/24/16, 11:59 pm

*This assignment may be done as individuals or with one partner. Teams of size three or greater are not permitted. If you do use a partner, you might try the following strategy: one of you drafts an answer to problem 1, the other drafts an answer to problem 2, then you meet to critique and improve each other's answers.*

### Problem 1

First, **perform a threat analysis and harm analysis** on the following system. In doing so, you should answer these questions:

1. What are the assets of the system?
2. What are the threats of concern? What are their motivations and capabilities? Are there any threats that are excluded?
3. For each asset, and for each aspect of security (confidentiality, integrity, availability), what are the possible harms that could occur?

Second, **write security goals** for the system based on your analysis. If any goals are infeasible, identify ways to relax the goals.

**Email System.** *Users log in by directing their web browser to a prespecified URL, then entering both an identifier (i.e., a user name) and a password. This starts a session that is associated with the specified identity. The system displays in a preview frame a list of email messages. For each message, the name of the sender and the subject of the message are displayed. During a session, a user can view the body of a message, reply to or delete a message, compose a new message, and log out, hence ending the session.*

Note that the functional requirements sketched above deliberately leave many details of the system ambiguous. Where necessary, feel free to resolve those details in your answer, but also clearly state any additional assumptions you make.

### Problem 2

Repeat what you did in Problem 1, but for the following system:

**Smart Meter System.** *Users have an electricity meter installed outside their house. The meter is connected to a WiFi home area network (HAN), as are major appliances inside the house; assume that the HAN is not bridged to the public Internet. The meter is also connected to a cellular (e.g., GSM) wide area network (WAN), which enables communication with the electrical utility company. The meter reports to the utility company the amount of electricity used each hour. The utility company can send hints to the meter to conserve energy, which the meter relays to appliances on the HAN; some appliances might choose to enter lower-power modes when they receive such a message.*

### Problem 3

Follow these instructions to familiarize yourself with FindBugs:

* Download and unzip [FindBugs 3.0.1](http://findbugs.sourceforge.net/downloads.html). Also download `gradesystem.zip` from CMS. This is part of the source code of a course project from a previous semester. Please do not redistribute this code.
* Launch the FindBugs GUI by running `FBROOT/bin/fb gui`, where `FBROOT` is the directory in which you unzipped the file in step 1.
* In the FindBugs GUI, choose File->New Project. Give the project a name of your choice. Add to the "Classpath for Analysis" the `gradesystem.zip` file you downloaded in the previous part of the lab. Add to "Source Directories" the same `gradesystem.zip` file. Run the analysis.
* Use the View menu to view only Scary bugs. Then only the Scariest bugs. Then All Bug Ranks.
* Experiment with viewing bugs in different ways using the "Group Bugs By" interface. Drag-and-drop the different bug attributes ("Bug Kind", "Category", etc.) to see how bugs can be sorted in various ways.

Then write answers to the following questions:

1. How many bugs of Troubling or worse rank exist in the Security category?
2. Examine the rank 12 bug "read of unwritten field logDisplay in Client_Second.connectClient" in the Correctness category. What is the potential problem that results from this bug? Did the analysis miss an initialization of this field? Or did the programmer fail to initialize it? How should this bug be fixed?
3. Examine any of the security bugs identified by the analysis in `ConnectionClass.java`. What is the potential problem that results from this bug? *Hint: read about [SQL injection](https://en.wikipedia.org/wiki/SQL_injection).*

### Submission

If you work with a partner, first form a group on CMS; submit as that group, rather than submitting the same solution independently.

Submit a single PDF to [CMS][cms]. Use 10 point or larger type. Be succinct; it's unlikely you will need to write more than a page or two per problem.

[cms]: https://cms.csuglab.cornell.edu/

### Evaluation

You will be evaluated on the quality of your solutions and on your adherence to the submission stipulations above. We'll use the following criteria in evaluating quality:

- *Validity:* do you present a logical, lucid, coherent, clearly focused, well structured, and appropriately detailed argument?
- *Consistency:* do you employ concepts, principles, and terminology as they are used in this course?
- *Evidence:* do you adequately support your conclusions?
- *Writing:* do you use proper mechanics, grammar, and style?
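For reference on the class of bug Problem 3 points at, the following constructed Java example (added here; it is not code from `gradesystem.zip` or from `ConnectionClass.java`, and the `grades` table and `GradeLookup` class are assumptions) shows the pattern FindBugs reports in its Security category when a query string is assembled from a caller-supplied value, next to the parameterized form that removes the problem.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

// Constructed illustration for Problem 3; not code from gradesystem.zip.
public class GradeLookup {

    // Vulnerable pattern: the SQL text is built by concatenating a value
    // the caller controls. FindBugs flags this as a nonconstant string
    // passed to execute/executeQuery, because any quote or SQL syntax in
    // netid changes the structure of the query instead of being treated
    // as data. That is the SQL injection the assignment hint refers to.
    static ResultSet gradesUnsafe(Connection conn, String netid) throws SQLException {
        String sql = "SELECT course, grade FROM grades WHERE netid = '" + netid + "'";
        Statement stmt = conn.createStatement();
        return stmt.executeQuery(sql);
    }

    // Hardened form: the SQL text is a compile-time constant and netid is
    // bound as a parameter, so the JDBC driver sends it to the database
    // as a value and never parses it as SQL. FindBugs does not report
    // this version, since the string handed to prepareStatement is constant.
    static ResultSet gradesSafe(Connection conn, String netid) throws SQLException {
        PreparedStatement ps = conn.prepareStatement(
            "SELECT course, grade FROM grades WHERE netid = ?");
        ps.setString(1, netid);
        return ps.executeQuery();
    }
}
```

Both methods return the same rows for a well-formed netid; they differ only in what happens when the input is not what the programmer expected.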